IS Audit & ERP Implementation
Information System Audit :
Technology is major source of business growth and advancement as well as business risk. Technology is key factor for growth of every business. But there is always a miscommunication and gap between the business executives and IT professionals because businessperson faces difficulty in understanding IT language. and for eliminating these loopholes an effective strategy is required.
Information is undeniably regarded as most valuable asset for an company and protecting it from outside and within have become the main issue of consideration for company. Information System Audit covers automated information processing system evaluation, non- automated processes and in between interface.
IT audit also support to reduce risks of data tampering, data loss or leakage, service disruption and poor management of systems.
What is information system audit?
Process of collecting and evaluating evidence to determine whether a (computerized) system:
- Safeguards assets
- Maintains data integrity
- Enables communications & access to information
- Achieve operational goals effectively
- Consumes resources efficiently
Information Technology Auditing
- involves evaluating the computer’s role in achieving
- audit objectives and
- control objectives
- means proving data and information are
- secure, and
- available as needed
Objectives of information system audit
- Collecting & evaluating evidence to determine if system accomplishes its organizational tasks effectively & efficiently
- Understanding the organization & environment
- Understanding the Control Approach
- Control – a system that prevents, detects, or corrects unlawful, undesirable or improper events.
- safeguarding of assets and data integrity
- Operational effectiveness.
Types of IT audits:
- Systems and Applications:
An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system’s activity. System and process assurance audits form a subtype, focusing on business process-centric business IT systems.
- Information Processing Facilities:
An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions
- Systems Development:
An audit to verify that the systems under development meet the objectives of the organization and to ensure that the systems are developed in accordance with generally accepted standards for systems development.
- Management of IT and Enterprise Architecture:
An audit to verify that IT management has developed an organizational structure and procedures to ensure a controlled and efficient environment for information processing.
- Client/Server, Telecommunications, Intranets, and Extranets:
An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.
What is Enterprise Resource Planning [ERP]?
Enterprise resource planning (ERP) is the integrated management of main business processes, often in real time and mediated by software and technology. ERP is usually referred to as a category of business management software typically a suite of integrated applications, that an organization can use to collect, store, manage, and interpret data from many business activities.
ERP provides an integrated and continuously updated view of core business processes using common databases maintained by a database management system. ERP systems track business resources cash, raw materials, production capacity and the status of business commitments: orders, purchase orders, and payroll. The applications that make up the system share data across various departments (manufacturing, purchasing, sales, accounting, etc.) that provide the data. ERP facilitates information flow between all business functions and manages connections to outside stakeholders.
ERP system is an IT solution that helps organizations to achieve enterprise wide integration which results in faster access to accurate information required for decision making.